token-validator: ip, ping, ...
parent
6d6af5f7f4
commit
081b22a64a
5 changed files with 118 additions and 28 deletions
|
|
@ -112,6 +112,31 @@ func challengeTime(s *Student, t *givenToken, chid int) error {
|
|||
}
|
||||
}
|
||||
|
||||
func challengePing(s *Student, t *givenToken, chid int) error {
|
||||
var expected []byte
|
||||
switch s.Id % 5 {
|
||||
case 1:
|
||||
expected = []byte("baaaaaad")
|
||||
case 2:
|
||||
expected = []byte("baadfood")
|
||||
case 3:
|
||||
expected = []byte("baddcafe")
|
||||
case 4:
|
||||
expected = []byte("cafebabe")
|
||||
default:
|
||||
expected = []byte("deadbeef")
|
||||
}
|
||||
|
||||
pkey := s.GetPKey()
|
||||
if expectedToken, err := GenerateToken(pkey, chid, expected); err != nil {
|
||||
return err
|
||||
} else if ! hmac.Equal(expectedToken, t.token) {
|
||||
return errors.New("This is not the expected token.")
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func challengeDisk(s *Student, t *givenToken, chid int) error {
|
||||
pkey := fmt.Sprintf("%x", s.GetPKey())
|
||||
|
||||
|
|
@ -164,28 +189,37 @@ func init() {
|
|||
Check: challengeTime,
|
||||
},
|
||||
|
||||
/* Challenge 4 : disk */
|
||||
Challenge{
|
||||
Accessible: []func(*Student, *http.Request) error{noAccessRestriction},
|
||||
Check: challengeDisk,
|
||||
},
|
||||
|
||||
/* Challenge 5 : DNS TXT */
|
||||
/* Challenge 4 : DNS TXT */
|
||||
Challenge{
|
||||
Accessible: []func(*Student, *http.Request) error{accessFrom(IPgwDMZ), sslOnly},
|
||||
Check: challengeDNS,
|
||||
},
|
||||
|
||||
/* Challenge 6 : time net */
|
||||
/* Challenge 5 : time net */
|
||||
Challenge{
|
||||
Accessible: []func(*Student, *http.Request) error{maxProxy(1)},
|
||||
Check: challengeTime,
|
||||
},
|
||||
|
||||
/* Bonus 1 : echo request */
|
||||
Challenge{
|
||||
Accessible: []func(*Student, *http.Request) error{noAccessRestriction},
|
||||
Check: challengePing,
|
||||
},
|
||||
|
||||
/* Bonus 2 : disk */
|
||||
Challenge{
|
||||
Accessible: []func(*Student, *http.Request) error{noAccessRestriction},
|
||||
Check: challengeDisk,
|
||||
},
|
||||
|
||||
}
|
||||
|
||||
router.GET("/challenge", apiHandler(getChallengeList))
|
||||
router.GET("/challenge/:chid", rawHandler(accessibleChallenge))
|
||||
router.POST("/challenge", rawHandler(receiveToken))
|
||||
router.POST("/challenge", rawHandler(challengeHandler(receiveToken)))
|
||||
router.POST("/echorequest", rawHandler(definedChallengeHandler(receiveToken, 6)))
|
||||
router.POST("/testdisk", rawHandler(definedChallengeHandler(receiveToken, 7)))
|
||||
}
|
||||
|
||||
type givenToken struct {
|
||||
|
|
@ -219,7 +253,7 @@ func accessibleChallenge(r *http.Request, ps httprouter.Params, _ []byte) (inter
|
|||
}
|
||||
}
|
||||
|
||||
func receiveToken(r *http.Request, ps httprouter.Params, body []byte) (interface{}, error) {
|
||||
func receiveToken(r *http.Request, body []byte, chid int) (interface{}, error) {
|
||||
var gt givenToken
|
||||
if err := json.Unmarshal(body, >); err != nil {
|
||||
return nil, err
|
||||
|
|
@ -231,22 +265,11 @@ func receiveToken(r *http.Request, ps httprouter.Params, body []byte) (interface
|
|||
}
|
||||
|
||||
// Find challenge ID
|
||||
var chid int
|
||||
var err error
|
||||
if chid, err = strconv.Atoi(string(ps.ByName("chid"))); err != nil {
|
||||
if gt.Challenge > 0 {
|
||||
chid = gt.Challenge
|
||||
} else if string(ps.ByName("chid")) != "" {
|
||||
return nil, err
|
||||
}
|
||||
err = nil
|
||||
if gt.Challenge >= 1 {
|
||||
chid = gt.Challenge
|
||||
}
|
||||
|
||||
if chid == 0 {
|
||||
chid = 4
|
||||
}
|
||||
|
||||
if chid > len(challenges) {
|
||||
if chid <= 0 || chid - 1 > len(challenges) {
|
||||
return nil, errors.New("This challenge doesn't exist")
|
||||
}
|
||||
|
||||
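Review bot: The new upper bound in receiveToken, `chid - 1 > len(challenges)`, accepts `chid == len(challenges)+1`, one past the last entry, which the check it replaces (`chid > len(challenges)`) rejected. chid can be taken directly from the request body through `gt.Challenge`, so if the code after this hunk indexes `challenges[chid-1]` (not visible here), a client-chosen value would reach an out-of-range index and panic the handler. I would write the guard as `if chid <= 0 || chid > len(challenges) {`. Separately, `gt.Challenge >= 1` overrides the id that `definedChallengeHandler(receiveToken, 6)` and `(receiveToken, 7)` apparently pin for /echorequest and /testdisk, so those routes would accept a token for any challenge. If that is not intended, honour the body value only when the caller passed no id.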
|
|
|
|||